Hi desalvsj,
You are most likely indeed being hit by a crawler/spambot. Using a captcha is usually the preferred first countermeasure (though not foolproof, still stops all but the very advanced bots/services).
Since you prefer not using a captcha, we'll have to look at the next step - Serverside validation. This allows you to run a custom set of tests on the submit'd data before ChronoForms does any further actions.
A few common test are fake inputs that appears like any other form input to bots (bots "love" form inputs), but is either not visible or obvious to the user to be left empty (commonly called a honeypot). There is also the opposite, where you rely on javascript to dynamically generate a form field that the user needs to fill, though this will "lock out" any valid user not using javascript in their browser.
Another test is to check the data available of the remote user (IP, claimed user-agent, other headers). This does require constant maintenance, as these spammers often switch IP-ranges and such on a regular basis, but can be very effective if you got the effort for it.
Another technique is using RBL's; DNS-based blacklists maintained by different organisations and/or individuals. This releaves you from a large part of the task of keeping the filters up-to-date, yet makes you rely on someone else to not lock out your regular visitors. The exact way of implementing this repends on the RBL(s) you use; several do provide Joomla plugins that not only protects your ChronoForm, but your entire site (used http::bl myself in the past with good results, but you'll wan't to evaluate any RBL to see how well it works with your site and your visitors).
If you search through the forum, there's a few good examples as how to implement different filters like the ones mentioned above.
/Fredrik